Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-4427 (GCVE-0-2026-4427)
Vulnerability from cvelistv5 – Published: 2026-03-19 14:24 – Updated: 2026-03-30 07:59
VLAI
EPSS
Duplicate of CVE-2026-32286
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-03-30T07:59:41.848Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"rejectedReasons": [
{
"lang": "en",
"value": "Duplicate of CVE-2026-32286"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-4427",
"datePublished": "2026-03-19T14:24:02.864Z",
"dateRejected": "2026-03-30T07:59:41.848Z",
"dateReserved": "2026-03-19T12:54:24.750Z",
"dateUpdated": "2026-03-30T07:59:41.848Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-4427\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2026-03-19T15:16:28.710\",\"lastModified\":\"2026-03-30T08:16:18.573\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: Duplicate of CVE-2026-32286\"}],\"metrics\":{},\"references\":[]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"rejectedReasons\": [{\"lang\": \"en\", \"value\": \"Duplicate of CVE-2026-32286\"}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-03-30T07:59:41.848Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-4427\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"state\": \"REJECTED\", \"assignerShortName\": \"redhat\", \"dateReserved\": \"2026-03-19T12:54:24.750Z\", \"datePublished\": \"2026-03-19T14:24:02.864Z\", \"dateUpdated\": \"2026-03-30T07:59:41.848Z\", \"dateRejected\": \"2026-03-30T07:59:41.848Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:11996
Vulnerability from csaf_redhat - Published: 2026-04-30 01:20 - Updated: 2026-06-09 07:13Summary
Red Hat Security Advisory: Red Hat Quay 3.9.21
Severity
Important
Notes
Topic: Red Hat Quay 3.9.21 is now available with bug fixes.
Details: Quay 3.9.21
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
No description is available for this CVE.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.
8.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le | — |
Workaround
|
Threats
Impact
Important
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.21 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.21",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11996",
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11996.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.21",
"tracking": {
"current_release_date": "2026-06-09T07:13:45+00:00",
"generator": {
"date": "2026-06-09T07:13:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:11996",
"initial_release_date": "2026-04-30T01:20:06+00:00",
"revision_history": [
{
"date": "2026-04-30T01:20:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-30T01:20:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T07:13:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776963375"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776962931"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Ad201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956601"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705943"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1777327525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1777328140"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908959"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776782369"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776962931"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1777327525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ab8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908959"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776782369"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ad18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776962931"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ac2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1777327525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Abad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908959"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776782369"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:19375
Vulnerability from csaf_redhat - Published: 2026-05-19 21:01 - Updated: 2026-06-09 07:14Summary
Red Hat Security Advisory: Red Hat Quay 3.16.4
Severity
Important
Notes
Topic: Red Hat Quay 3.16.4 is now available with bug fixes.
Details: Quay 3.16.4
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
7.0 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
No description is available for this CVE.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.
8.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Low
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Moderate
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
7.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Threats
Impact
Important
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le | — |
Workaround
|
Threats
Impact
Important
References
261 references
Acknowledgments
Antony Di Scala
Michael Whale
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.16.4 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.16.4",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:19375",
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2377",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-30922",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40192",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4598",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4599",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4600",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4601",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4602",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19375.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.16.4",
"tracking": {
"current_release_date": "2026-06-09T07:14:04+00:00",
"generator": {
"date": "2026-06-09T07:14:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:19375",
"initial_release_date": "2026-05-19T21:01:11+00:00",
"revision_history": [
{
"date": "2026-05-19T21:01:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-01T19:33:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T07:14:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.16",
"product": {
"name": "Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Aae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778705065"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704515"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778705175"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Af610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704509"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778705015"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Af423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704556"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1779209336"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1779135957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1779204086"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704515"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704509"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704556"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ae77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1779135957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Af6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1779204086"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704515"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704509"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1778704556"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1779135957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Aad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1779204086"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1779204086"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-2377",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-02-11T21:02:44.495000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439201"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application\u0027s backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to the intended and supported use case of Openshift Mirror Registry, deployment in an offline or network-isolated environment, the impact for this product has been downgraded to `Moderate`.\n\nEven in case of compromise, the blast radius is restricted to mirror-registry. It can not be escalated outside the core product. This vulnerability has been scored based on the lack of change of scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "RHBZ#2439201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2377"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377"
}
],
"release_date": "2026-04-08T16:18:10.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality"
},
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-4598",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-03-23T06:01:47.891452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A denial of service flaw was found in jsrsasign. This vulnerability allows a remote attacker to cause a permanent denial of service by providing specially crafted zero or negative inputs to the bnModInverse function, leading to an infinite loop. This affects Red Hat Migration Toolkit for Virtualization and Red Hat Quay, which utilize the vulnerable jsrsasign component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "RHBZ#2450210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264",
"url": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323",
"url": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/648",
"url": "https://github.com/kjur/jsrsasign/pull/648"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938"
}
],
"release_date": "2026-03-23T05:00:11.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs"
},
{
"cve": "CVE-2026-4599",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2026-03-23T06:01:34.008562+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "RHBZ#2450207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4599",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20",
"url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1",
"url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/647",
"url": "https://github.com/kjur/jsrsasign/pull/647"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"
}
],
"release_date": "2026-03-23T05:00:12.522000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces"
},
{
"cve": "CVE-2026-4600",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-23T06:01:39.334925+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT. The flaw in jsrsasign allows an attacker to forge Digital Signature Algorithm (DSA) signatures or X.509 certificates by providing malicious domain parameters during validation. This could lead to unauthorized access or data manipulation in affected Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, where jsrsasign is utilized for cryptographic signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "RHBZ#2450208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4600",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4600"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7",
"url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60",
"url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/646",
"url": "https://github.com/kjur/jsrsasign/pull/646"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"
}
],
"release_date": "2026-03-23T05:00:08.475000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters"
},
{
"cve": "CVE-2026-4601",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-23T06:01:44.014846+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450209"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A flaw in the jsrsasign library allows for private key recovery due to a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process. An attacker can manipulate signature generation within the KJUR.crypto.DSA.signWithMessageHash function to force specific values, enabling the recovery of the private key. This impacts Red Hat products utilizing jsrsasign, such as Migration Toolkit for Virtualization and Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "RHBZ#2450209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586",
"url": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb",
"url": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/645",
"url": "https://github.com/kjur/jsrsasign/pull/645"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941"
}
],
"release_date": "2026-03-23T05:00:13.312000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing"
},
{
"cve": "CVE-2026-4602",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2026-03-23T06:01:28.729668+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450206"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT flaw. The `jsrsasign` library, as used in Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, is vulnerable to a signature verification bypass. A remote attacker could provide a specially crafted negative exponent to the `modPow` function, leading to incorrect modular inverse computations and allowing them to bypass signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "RHBZ#2450206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450206"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5",
"url": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195",
"url": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/650",
"url": "https://github.com/kjur/jsrsasign/pull/650"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175"
}
],
"release_date": "2026-03-23T05:00:10.567000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib using jwt.decode() which isn\u0027t able to reach the vulnerability condition even with key=none.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-30922",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-03-18T04:02:45.401296+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448553"
}
],
"notes": [
{
"category": "description",
"text": "An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "RHBZ#2448553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
}
],
"release_date": "2026-03-18T02:29:45.857000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32589",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-03-12T14:43:07.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "RHBZ#2446963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32590",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-03-12T14:43:11.443000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: remote code execution using pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "RHBZ#2446964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mirror-registry: remote code execution using pickle deserialization"
},
{
"cve": "CVE-2026-32597",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-12T22:01:29.967713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447194"
}
],
"notes": [
{
"category": "description",
"text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "RHBZ#2447194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
}
],
"release_date": "2026-03-12T21:41:50.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33894",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:52.462999+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "RHBZ#2452464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"category": "external",
"summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"release_date": "2026-03-27T20:45:49.583000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-40192",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-04-16T00:00:49.590876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "RHBZ#2458856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
"url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9521",
"url": "https://github.com/python-pillow/Pillow/pull/9521"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
}
],
"release_date": "2026-04-15T22:53:56.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T21:01:11+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:478f0e44eaf9907d18c8e765b16d80b9cc0bb3eac50ff8e118e3349aa29a9b46_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:4e7266596726edd7cde2b55bd7bed8910f4cbc1b310c11557e3552239ed3750f_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:f423a53dff70862980ee4381a9fe0fb5d19ce4d9932d7784491d057671d1fc2e_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:203097d7c260c95d7cf8e14a378542f75aae84f234a28d61d419f7b434562a9f_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:116b0249564f8424a5438e4a2edd0a9fa8c9449c4cea1ac1b642904d46dccf2f_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:68e02cfb3de2728a3f7f3cdd7b3ab231aa50ff51be51455bf1015ebc8addac66_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:f610987c52a000670dd5ba0a943f8d3ca38cdd71a0239a95b93260b4ce254b7b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6c64c35079e0af57beeb1dec93cad23c91dbfca34d25ecdf6326cdf5d557e1b9_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:25be6b83e985ef60d32dec94f57f530b8a4be88c6f23627789f11eb4a0e8870b_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:34d0eac97f889384b67037fdf957e53c02c7ec2579e436e28f49b66d586062cf_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8d71f18daf54d0311be34071b85d6f48c2895785c986e31a218cd748c443d60b_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:ae76dd5965cf14d53a81b5e88ec2f9406d12834a8f5fb1f3ee14fc3271ecceee_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:2fc63e77e837796a5082b58defffc6c46a9a4e8038190c9b8f87213bdf46c006_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:622a11babb195484a89cad806b9b79b6a99df53ad6ebb3d3d68b0a97ded78f79_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9e77748984103da9604314a20f66f4fe9710f645dec385b1069ea20d9d0c6ed1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:631c61a88de857bac8503386173a7689c462cfa07141969beb1ab958d85996a3_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:2c5d16299741b7ebcb712479d5c82bb4fa498c6e043786abbff4c52b982c4879_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:74cda2cf2b38b3cd62e5527e421dd7fbe756350e326e0b385ad9518302e08f03_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:e77909a680cd9586f86b793363ffcba2352d25b2c255e7608582e6e7a6659ff2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:139cae64e4790ebf8b760c6376a33d15233222a25e4da39c6062d7e46c3a1bef_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:52883f389182907dec0e286d626c4faea0f4ae29a5d0e841d6ad2287fdb964c2_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:ad162e6ea2f6fd246f605180699ce36e4ea91c4b551c7af600a64e671a303ee9_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:f6a15c2f1b4d5900cdbd366080e40d3a90d51ba9e5b4d6196e15eefe69d902c3_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:21017
Vulnerability from csaf_redhat - Published: 2026-05-26 17:12 - Updated: 2026-06-09 07:14Summary
Red Hat Security Advisory: Red Hat Quay 3.14.8
Severity
Important
Notes
Topic: Red Hat Quay 3.14.8 is now available with bug fixes.
Details: Quay 3.14.8
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
7.0 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Threats
Impact
Important
No description is available for this CVE.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Threats
Impact
Important
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Threats
Impact
Moderate
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
7.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 | — |
Workaround
|
Threats
Impact
Important
References
178 references
Acknowledgments
Antony Di Scala
Michael Whale
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.14.8 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.14.8",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21017",
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2377",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40192",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21017.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.14.8",
"tracking": {
"current_release_date": "2026-06-09T07:14:06+00:00",
"generator": {
"date": "2026-06-09T07:14:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:21017",
"initial_release_date": "2026-05-26T17:12:40+00:00",
"revision_history": [
{
"date": "2026-05-26T17:12:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T17:21:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T07:14:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.14",
"product": {
"name": "Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1778873727"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1778874411"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Abc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1778873623"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ae76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778874087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1778873627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ac82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1778873589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Aa620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1779693417"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Adb535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1778873585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779689392"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1778873623"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ab83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778874087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aeade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1778873627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72?arch=arm64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1778873589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1778873585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Aa46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779689392"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1778873623"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778874087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1778873627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1778873589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1778873585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Afca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779689392"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1778873623"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778874087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Afac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1778873627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ac36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1778873589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1778873585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779689392"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-2377",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-02-11T21:02:44.495000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439201"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application\u0027s backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to the intended and supported use case of Openshift Mirror Registry, deployment in an offline or network-isolated environment, the impact for this product has been downgraded to `Moderate`.\n\nEven in case of compromise, the blast radius is restricted to mirror-registry. It can not be escalated outside the core product. This vulnerability has been scored based on the lack of change of scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "RHBZ#2439201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2377"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377"
}
],
"release_date": "2026-04-08T16:18:10.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality"
},
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32589",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-03-12T14:43:07.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "RHBZ#2446963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32590",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-03-12T14:43:11.443000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: remote code execution using pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "RHBZ#2446964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mirror-registry: remote code execution using pickle deserialization"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33894",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:52.462999+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "RHBZ#2452464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"category": "external",
"summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"release_date": "2026-03-27T20:45:49.583000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-40192",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-04-16T00:00:49.590876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "RHBZ#2458856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
"url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9521",
"url": "https://github.com/python-pillow/Pillow/pull/9521"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
}
],
"release_date": "2026-04-15T22:53:56.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T17:12:40+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:4dcd3b60f93e03d7d59e7dedc2ffcaa835de53ce672a179527f26ffe295473d2_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:7a0ec7eb2f7e1cd78834a108c84edb7f3a9f769209ba98b8bb0d1f7d66344e72_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c36f983f25aad87857f89920f0878fb081f9c55d471e98fa25a3af0507da4b42_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:c82534a20a7a5e2ecd49ac6307df13ede380c8b3d7ca4c6978aed1efab9c6ae4_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:36377e0f89e28bb05dd45c424ac336b2884e91267a118763ddd9a1e8d8f75295_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:087c088a5f5da9a54608fd93bbc47654b7c24661dfcdf3b64d04d496924a5e4b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:0e7f72c6427b9c941a765470683c3cfe81644bd0337b88c5f3d9021978aa38de_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:496e288875b50bb6f5ff1f92cd95a8df52ee02e97178e4134fcc3fc0b829f3b1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bc8584dbad964920db04fb5fa27044cb0219f7d736da16abe5deec2fb3d7b1a8_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1fa815f5c0f997f55ca2db83575360f084d0ead955e62adcb7b4f0b53b1a01c7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:532d123f74a39a92346daf91d69f2eebc97d48d49cf89b21ec4114824cb23b2d_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b83c36737a574a3454d1be87b9bb7a513eab7b5071c662fde05e791ec2596ee2_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e76507eecc44ee17c66566769ff427c561df85db700c2b16ead0ecd894f40b9f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:052bf6483aa0e3cfae7cc28822bb05b7ebf1c2dd2019bae53874db19a7ced51f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:0f209a6799f9eb6987d9479fc6631d3f6dabdf89faa0059c9c62010f4f46e2ba_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:eade47dd4e39ed346f9ea867a90e07fc70ff2ff4a6cce4a21ac77f88e9abad10_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:fac5b4a10d565051251ec328df69026458ede4dadc48b401dcb923979bf96b88_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9e026e4b86da6a0719b0bf6973d465cd542ead1715afb516e5e37ae8d9057964_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:a620b5e2749ad150d7ee07bd240f29a69ad2593a522869bd334441e9fb346e0e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6753b3d04a0cbf3ae35f8141df96505f099a39645ae3e68ae0b417ac572be64e_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:85c3bbf75379da98fbffe5ea1c53893a11ce42939d68687f16a0b687a9ba4b33_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:9fc318dd2650e6f3b68084e2f155a5485395026cba186018f6a2d5e70284bb6a_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:db535f8a5dea4124ee8140a48362d0a631cc19158a3944f0059219a5c7b44e3e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:4ae7d2d72a2370bd5401f570e21386bc9a6df0b145030060c922fcf754c7839b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:9f5d146fc72a09d9067705a35274a251708cebc4c6a7e50615bdbce3e128c097_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:a46c3fd8bb72616f07d2fb47eae9b060ea6c5135ec365d7ddc0dc18054da0b1b_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:fca718bcd95971e571d13f9139e2f40c2daeca9605c669d73ed3055d9e3a53e2_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:21769
Vulnerability from csaf_redhat - Published: 2026-05-28 20:39 - Updated: 2026-06-09 07:14Summary
Red Hat Security Advisory: Multicluster Global Hub 1.5.4 security update
Severity
Important
Notes
Topic: Multicluster Global Hub v1.5.4 general availability release images, which provide security fixes, bug fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details: Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
No description is available for this CVE.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the 'leafnode' configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Moderate
A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.>` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon's privilege comparison logic, the system may incorrectly accept a plugin's requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.
8.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system's integrity and confidentiality.
8.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a '<' character not followed by a '>' character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Important
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 | — |
Workaround
|
Threats
Impact
Important
References
248 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.5.4 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:21769",
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21728",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27889",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29785",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32285",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33215",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33216",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33217",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33218",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33219",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33247",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33413",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33487",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33813",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33997",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34040",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40890",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41602",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41603",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41604",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41605",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41606",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41607",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41636",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43869",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21769.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.5.4 security update",
"tracking": {
"current_release_date": "2026-06-09T07:14:08+00:00",
"generator": {
"date": "2026-06-09T07:14:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:21769",
"initial_release_date": "2026-05-28T20:39:36+00:00",
"revision_history": [
{
"date": "2026-05-28T20:39:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-28T20:39:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T07:14:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.5.4",
"product": {
"name": "Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ad91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Adc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Ab70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=1779837290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ac985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Afc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Afb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Aeaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ae26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1778867753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Adf44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779828691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Abb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779828813"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Acffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779828536"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779835152"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-21728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T09:00:58.144273+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana/tempo: Tempo: Denial of Service via large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "RHBZ#2461395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://grafana.com/security/security-advisories/cve-2026-21728",
"url": "https://grafana.com/security/security-advisories/cve-2026-21728"
}
],
"release_date": "2026-04-24T08:00:47.074000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana/tempo: Tempo: Denial of Service via large queries"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27889",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:01:58.261703+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "RHBZ#2451447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-03.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-03.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6"
}
],
"release_date": "2026-03-25T19:36:36.370000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame"
},
{
"cve": "CVE-2026-29785",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-03-25T20:01:35.121898+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451444"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the \u0027leafnode\u0027 configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "RHBZ#2451444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29785",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-04.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-04.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8",
"url": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6"
}
],
"release_date": "2026-03-25T19:38:44.587000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32285",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:54.925687+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "RHBZ#2451846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://github.com/buger/jsonparser/issues/275",
"url": "https://github.com/buger/jsonparser/issues/275"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4514",
"url": "https://github.com/golang/vulndb/issues/4514"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4514",
"url": "https://pkg.go.dev/vuln/GO-2026-4514"
}
],
"release_date": "2026-03-26T19:40:51.837000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33215",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2026-03-24T22:01:19.032191+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "RHBZ#2451021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-06.tx",
"url": "https://advisories.nats.io/CVE/secnote-2026-06.tx"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879"
}
],
"release_date": "2026-03-24T20:55:53.455000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance"
},
{
"cve": "CVE-2026-33216",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"discovery_date": "2026-03-25T20:02:03.000174+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451448"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "RHBZ#2451448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451448"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-05.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-05.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099",
"url": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc"
}
],
"release_date": "2026-03-25T19:41:55.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints"
},
{
"cve": "CVE-2026-33217",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-03-25T20:01:47.815937+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451446"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.\u003e` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "RHBZ#2451446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-07.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-07.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5"
}
],
"release_date": "2026-03-25T19:43:40.969000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace"
},
{
"cve": "CVE-2026-33218",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:02:13.680355+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "RHBZ#2451450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-10.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-10.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339"
}
],
"release_date": "2026-03-25T19:53:12.075000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port"
},
{
"cve": "CVE-2026-33219",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-25T20:01:41.235854+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451445"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "RHBZ#2451445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451445"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-02.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-02.txt"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-11.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-11.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/advisories/GHSA-qrvq-68c2-7grw"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j"
}
],
"release_date": "2026-03-25T19:55:28.363000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets"
},
{
"cve": "CVE-2026-33247",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2026-03-25T21:02:07.985713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "RHBZ#2451486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-14.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-14.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv"
}
],
"release_date": "2026-03-25T20:02:18.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments"
},
{
"cve": "CVE-2026-33413",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2026-03-26T14:03:01.896580+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451728"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: etcd: Authorization bypass allows information disclosure and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in etcd allows unauthorized users to bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients and etcd\u0027s built-in authentication is enabled. This can lead to information disclosure and denial of service. Typical Red Hat OpenShift Container Platform and Kubernetes deployments are not affected, as the Kubernetes API server handles authentication and authorization independently of etcd\u0027s internal mechanisms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "RHBZ#2451728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451728"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33413"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg"
}
],
"release_date": "2026-03-26T13:36:10.919000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Restrict network access to etcd server ports to ensure only trusted components can establish connections. Implement strong client identity at the transport layer, such as mTLS, with tightly scoped client certificate distribution. This will limit unauthorized access to etcd functions.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "etcd: etcd: Authorization bypass allows information disclosure and denial of service"
},
{
"cve": "CVE-2026-33487",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-26T18:02:32.278778+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "RHBZ#2451814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc",
"url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc"
}
],
"release_date": "2026-03-26T17:17:51.101000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
},
{
"cve": "CVE-2026-33813",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-21T20:01:02.224363+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "RHBZ#2460221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://go.dev/cl/759860",
"url": "https://go.dev/cl/759860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78407",
"url": "https://go.dev/issue/78407"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4961",
"url": "https://pkg.go.dev/vuln/GO-2026-4961"
}
],
"release_date": "2026-04-21T19:21:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing"
},
{
"cve": "CVE-2026-33997",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-03-31T03:01:29.529297+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453277"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon\u0027s privilege comparison logic, the system may incorrectly accept a plugin\u0027s requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An important flaw in Moby, an open-source container framework, allows for a privilege validation bypass during `docker plugin install`. This issue stems from an error in the daemon\u0027s privilege comparison logic, which could lead to unauthorized privilege escalation for installed plugins. Red Hat products that leverage Moby and allow Docker plugin installation are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "RHBZ#2453277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33997",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33997"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9",
"url": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9"
}
],
"release_date": "2026-03-31T01:36:51.404000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation"
},
{
"cve": "CVE-2026-34040",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2026-03-31T03:01:34.530713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system\u0027s integrity and confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moby: Moby: Authorization bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "RHBZ#2453278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2",
"url": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2"
}
],
"release_date": "2026-03-31T01:36:48.205000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moby: Moby: Authorization bypass vulnerability"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-40890",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-04-21T20:02:56.729456+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460245"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a \u0027\u003c\u0027 character not followed by a \u0027\u003e\u0027 character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw affecting Red Hat products that utilize the `github.com/gomarkdown/markdown` library. The vulnerability occurs when the `SmartypantsRenderer` processes specially crafted malformed Markdown input containing an unclosed \u0027\u003c\u0027 character, leading to an out-of-bounds read or application panic. A successful exploitation may lead the application using the library unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "RHBZ#2460245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778",
"url": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7",
"url": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7"
}
],
"release_date": "2026-04-21T19:51:53.237000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input"
},
{
"cve": "CVE-2026-41602",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:16.099816+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "RHBZ#2463407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/6",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/6"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:06.646000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation"
},
{
"cve": "CVE-2026-41603",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-04-28T10:01:29.782287+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463411"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "RHBZ#2463411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/7",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/7"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:40.564000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation"
},
{
"cve": "CVE-2026-41604",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:47.903741+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "RHBZ#2463416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41604",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41604"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/5",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:13.996000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41605",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:54.269412+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463418"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "RHBZ#2463418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41605"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/4",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/4"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:44.319000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability"
},
{
"cve": "CVE-2026-41606",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-04-28T10:01:19.136351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463408"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "RHBZ#2463408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/3",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/3"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:12.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion"
},
{
"cve": "CVE-2026-41607",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:33.022623+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463412"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "RHBZ#2463412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41607"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/2",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/2"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:48.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41636",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-04-28T10:01:03.992199+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463404"
}
],
"notes": [
{
"category": "description",
"text": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "RHBZ#2463404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:22:14.639000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion"
},
{
"cve": "CVE-2026-43869",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-05T08:00:56.417384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466660"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "RHBZ#2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r",
"url": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r"
}
],
"release_date": "2026-05-05T07:25:48.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-28T20:39:36+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:62b308e48b973c04509efc66de4cdf11acc729625b75f86bab27de82a7230d14_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:dc3c1cc6bdfbf29bf0182bacddcdde3de8517d294ca4f1516eda60f760ffe399_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:df44aad9c2e9fec1d734e494c069cb89fd7b8f33050cfe9db3bdaef4c4ad7cc3_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:fb7cd20d1a90d19fcaddfffd01a94e39dbcc9c97fc9a70e5d7eaefc570fd2dd7_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:8c03495da4214e70589e238a60815c265223952470da6d80034e2f83de5c3c8e_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d91359dca7bc04e59f4f1c0d2e5c8a2ecfd92d3499636be065ec89e8ad2eac4f_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e26dfe26504fa24a04d4e0372461414f6f73c601b7f2f4e7f5e2e520d3281ce8_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:fc03a86fe38f6d3654c013dd47b330fbd0169f239fb21fd3c456ab78b6df3166_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:19014267212e075c68e50fecbe44eabaaadadae448b28b5cfbe3275f27f9fc93_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:42ab1234414fcdc369097e9c63bda3b4ea64c1e3eb87800a394898c91a2c43ad_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:b70fae10e34ad67aa1f347d2e1085a92e1a28666faa273fe3c0c01a4d0780777_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:bb02a2e251f898e1d34b6846001d13cc1e5454b071358556a77997f02f71401d_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:8959841bd45bb6a15ae4a88d37234b3ba36855be6d92e358fa363c6132ab6359_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:33a5f0de8fa49bd67233f9dc5f4f5858858961ecb3da4bcc5c146ce5be91bcd6_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:6b9b507650bf0997ed9828b3d0b69777805aa33dd5b2988a2ef5b3b2bee00dbc_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:74635c357ec4a8697076f015ac15853ee0259e0231620fa349d687be261beae4_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:eaae81482b89e7331d356ddadf8f698e5cfffc9ce4fb616f240f30c9f044ba59_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:176cfe7106e81ff28564ec2cf9e4041d0fcadc7b5ae7537a9cc6db63a8914e5c_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48717ee862e1386928c2a20a3ed04464ad1fc3d519ef026a6fd615c13e22d51b_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:c985ba79e21f5c623fa1b350963d6a8915043e06184cde6f2d813a5c349a4886_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:cffac2b05af519fbd27143d59321675ba8cfd2e4c1531fc15021bd8500987c62_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation"
}
]
}
RHSA-2026:22347
Vulnerability from csaf_redhat - Published: 2026-06-01 22:12 - Updated: 2026-06-09 07:14Summary
Red Hat Security Advisory: Multicluster Global Hub 1.4.5 security update
Severity
Important
Notes
Topic: Multicluster Global Hub v1.4.5 general availability release images, which provide security fixes, bug fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details: Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
No description is available for this CVE.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the 'leafnode' configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Moderate
A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.>` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Moderate
A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon's privilege comparison logic, the system may incorrectly accept a plugin's requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.
8.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system's integrity and confidentiality.
8.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a '<' character not followed by a '>' character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Important
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Threats
Impact
Moderate
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x | — |
Workaround
|
Threats
Impact
Important
References
248 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.4.5 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22347",
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21728",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27889",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29785",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32285",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33215",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33216",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33217",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33218",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33219",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33247",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33413",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33487",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33813",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33997",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34040",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40890",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41602",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41603",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41604",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41605",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41606",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41607",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41636",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43869",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22347.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.4.5 security update",
"tracking": {
"current_release_date": "2026-06-09T07:14:15+00:00",
"generator": {
"date": "2026-06-09T07:14:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:22347",
"initial_release_date": "2026-06-01T22:12:17+00:00",
"revision_history": [
{
"date": "2026-06-01T22:12:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-01T22:12:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T07:14:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.4.5",
"product": {
"name": "Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779579439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779838819"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779839447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3Afcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=1779891163"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779887217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779147132"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ae893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779579439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779838819"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779839447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779887217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779147132"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Acdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779579439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Af4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779838819"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779839447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779887217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779147132"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1779579439"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1779838819"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Ae558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1779839447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779887217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779147132"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64 as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x as a component of Multicluster Global Hub 1.4.5",
"product_id": "Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.4.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-21728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T09:00:58.144273+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana/tempo: Tempo: Denial of Service via large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "RHBZ#2461395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://grafana.com/security/security-advisories/cve-2026-21728",
"url": "https://grafana.com/security/security-advisories/cve-2026-21728"
}
],
"release_date": "2026-04-24T08:00:47.074000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana/tempo: Tempo: Denial of Service via large queries"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27889",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:01:58.261703+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "RHBZ#2451447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-03.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-03.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6"
}
],
"release_date": "2026-03-25T19:36:36.370000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame"
},
{
"cve": "CVE-2026-29785",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-03-25T20:01:35.121898+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451444"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the \u0027leafnode\u0027 configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "RHBZ#2451444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29785",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-04.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-04.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8",
"url": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6"
}
],
"release_date": "2026-03-25T19:38:44.587000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32285",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:54.925687+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "RHBZ#2451846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://github.com/buger/jsonparser/issues/275",
"url": "https://github.com/buger/jsonparser/issues/275"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4514",
"url": "https://github.com/golang/vulndb/issues/4514"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4514",
"url": "https://pkg.go.dev/vuln/GO-2026-4514"
}
],
"release_date": "2026-03-26T19:40:51.837000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33215",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2026-03-24T22:01:19.032191+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "RHBZ#2451021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-06.tx",
"url": "https://advisories.nats.io/CVE/secnote-2026-06.tx"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879"
}
],
"release_date": "2026-03-24T20:55:53.455000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance"
},
{
"cve": "CVE-2026-33216",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"discovery_date": "2026-03-25T20:02:03.000174+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451448"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "RHBZ#2451448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451448"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-05.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-05.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099",
"url": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc"
}
],
"release_date": "2026-03-25T19:41:55.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints"
},
{
"cve": "CVE-2026-33217",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-03-25T20:01:47.815937+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451446"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.\u003e` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "RHBZ#2451446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-07.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-07.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5"
}
],
"release_date": "2026-03-25T19:43:40.969000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace"
},
{
"cve": "CVE-2026-33218",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:02:13.680355+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "RHBZ#2451450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-10.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-10.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339"
}
],
"release_date": "2026-03-25T19:53:12.075000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port"
},
{
"cve": "CVE-2026-33219",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-25T20:01:41.235854+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451445"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "RHBZ#2451445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451445"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-02.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-02.txt"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-11.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-11.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/advisories/GHSA-qrvq-68c2-7grw"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j"
}
],
"release_date": "2026-03-25T19:55:28.363000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets"
},
{
"cve": "CVE-2026-33247",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2026-03-25T21:02:07.985713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "RHBZ#2451486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-14.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-14.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv"
}
],
"release_date": "2026-03-25T20:02:18.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments"
},
{
"cve": "CVE-2026-33413",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2026-03-26T14:03:01.896580+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451728"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: etcd: Authorization bypass allows information disclosure and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in etcd allows unauthorized users to bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients and etcd\u0027s built-in authentication is enabled. This can lead to information disclosure and denial of service. Typical Red Hat OpenShift Container Platform and Kubernetes deployments are not affected, as the Kubernetes API server handles authentication and authorization independently of etcd\u0027s internal mechanisms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "RHBZ#2451728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451728"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33413"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg"
}
],
"release_date": "2026-03-26T13:36:10.919000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Restrict network access to etcd server ports to ensure only trusted components can establish connections. Implement strong client identity at the transport layer, such as mTLS, with tightly scoped client certificate distribution. This will limit unauthorized access to etcd functions.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "etcd: etcd: Authorization bypass allows information disclosure and denial of service"
},
{
"cve": "CVE-2026-33487",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-26T18:02:32.278778+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "RHBZ#2451814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc",
"url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc"
}
],
"release_date": "2026-03-26T17:17:51.101000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
},
{
"cve": "CVE-2026-33813",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-21T20:01:02.224363+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "RHBZ#2460221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://go.dev/cl/759860",
"url": "https://go.dev/cl/759860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78407",
"url": "https://go.dev/issue/78407"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4961",
"url": "https://pkg.go.dev/vuln/GO-2026-4961"
}
],
"release_date": "2026-04-21T19:21:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing"
},
{
"cve": "CVE-2026-33997",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-03-31T03:01:29.529297+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453277"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon\u0027s privilege comparison logic, the system may incorrectly accept a plugin\u0027s requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An important flaw in Moby, an open-source container framework, allows for a privilege validation bypass during `docker plugin install`. This issue stems from an error in the daemon\u0027s privilege comparison logic, which could lead to unauthorized privilege escalation for installed plugins. Red Hat products that leverage Moby and allow Docker plugin installation are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "RHBZ#2453277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33997",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33997"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9",
"url": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9"
}
],
"release_date": "2026-03-31T01:36:51.404000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation"
},
{
"cve": "CVE-2026-34040",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2026-03-31T03:01:34.530713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system\u0027s integrity and confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moby: Moby: Authorization bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "RHBZ#2453278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2",
"url": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2"
}
],
"release_date": "2026-03-31T01:36:48.205000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moby: Moby: Authorization bypass vulnerability"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-40890",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-04-21T20:02:56.729456+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460245"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a \u0027\u003c\u0027 character not followed by a \u0027\u003e\u0027 character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw affecting Red Hat products that utilize the `github.com/gomarkdown/markdown` library. The vulnerability occurs when the `SmartypantsRenderer` processes specially crafted malformed Markdown input containing an unclosed \u0027\u003c\u0027 character, leading to an out-of-bounds read or application panic. A successful exploitation may lead the application using the library unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "RHBZ#2460245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778",
"url": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7",
"url": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7"
}
],
"release_date": "2026-04-21T19:51:53.237000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input"
},
{
"cve": "CVE-2026-41602",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:16.099816+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "RHBZ#2463407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/6",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/6"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:06.646000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation"
},
{
"cve": "CVE-2026-41603",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-04-28T10:01:29.782287+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463411"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "RHBZ#2463411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/7",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/7"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:40.564000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation"
},
{
"cve": "CVE-2026-41604",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:47.903741+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "RHBZ#2463416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41604",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41604"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/5",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:13.996000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41605",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:54.269412+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463418"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "RHBZ#2463418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41605"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/4",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/4"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:44.319000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability"
},
{
"cve": "CVE-2026-41606",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-04-28T10:01:19.136351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463408"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "RHBZ#2463408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/3",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/3"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:12.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion"
},
{
"cve": "CVE-2026-41607",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:33.022623+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463412"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "RHBZ#2463412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41607"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/2",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/2"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:48.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41636",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-04-28T10:01:03.992199+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463404"
}
],
"notes": [
{
"category": "description",
"text": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "RHBZ#2463404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:22:14.639000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion"
},
{
"cve": "CVE-2026-43869",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-05T08:00:56.417384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466660"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"known_not_affected": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "RHBZ#2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r",
"url": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r"
}
],
"release_date": "2026-05-05T07:25:48.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-01T22:12:17+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:0b9dec4d176e5565b83022c319fd5d7182e75280b18ab26c8d7c93400590b49f_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1c700922d285d2c4d08f2288c7c349c96ce58d4320ea9357a746ef7370cb58fe_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:90d4bf9aff2231c853329b597cadf7bf05abd2ca2b11f8edda409155447af981_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f4186f245542f4c8bbe65958c053737d201318c94077d56b22bdcf01207109e1_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:0465ebb0af8b850f3266a5e3400b269d420a6280cb6b883a606f9b588c102acc_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7e2f0f5047b68c0c095994c26952a22e282c5a903cdd777310ef2bc7341cd22e_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cdd8450206b5ffc96f1ca6e0b3ab7b582abf47aad8ece474eb14a035fb355d35_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:e893adfe11d4ace5f9ae4dc1d1b31a8a3c5d1a0c42f033f4d34c452ec294c608_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:06b139d24be23e09faa76eaa046a44985761256e5d4cd066e141a0f559c2eeb6_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:302f8ed5a96fed437997968b1f176d82a47ed82915b4dfa533d18bb0d862a47c_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:3b6e453cd26458e3ae936c315676c3821027e58f2839dbc961b06f67b2107360_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:e558cd17db0182d6d4cdbc225a1865c80a0f60e8b5dbfcd2d8c0d9a5a35207f3_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:fcc094ea7d3ea843c9844c02e432cfc3057a60c67b0b11aa94024452b9d04654_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:3424285f784830793954fbbe211595acc20e8b22908bb3b777c872ad26603223_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:4d826566a79f4334947f04518e77c2c047127c734d6512bfaf3c2a9b3da47b1c_s390x",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:82eb20a578cc227af2c38d51829d82854b60ec92a18d97df0a28ca5a7f9cfab1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9726e04b4c8cb8cb46368b8901dd9dc692a811f93b6020a055040b1c5c9b3f6a_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:20e13782a2f6da9e44085635d93c45c6a62bf37cbfc6370d48ebdfb344688bb1_amd64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:2c45a63b55be2e157cf20129502707955fe9d0ff7b7dd970ee48a2875f2df134_ppc64le",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:71c48f9833ee51bfea877223a14073bd79839b5d0dd85867188fbd908ae23f31_arm64",
"Multicluster Global Hub 1.4.5:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:81949f5fee45799df9566ec4031893c1bf4f9f2d22920591056cf4129bbd54af_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation"
}
]
}
RHSA-2026:22450
Vulnerability from csaf_redhat - Published: 2026-06-02 11:22 - Updated: 2026-06-09 07:14Summary
Red Hat Security Advisory: osbuild-composer security update
Severity
Important
Notes
Topic: An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.
Security Fix(es):
* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
* crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137)
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message (CVE-2026-4427,GHSA-jqcq-xjh3-6g23)
* google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
* github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server (CVE-2026-32286)
* github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)
* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
No description is available for this CVE.
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
89 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137)\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message (CVE-2026-4427,GHSA-jqcq-xjh3-6g23)\n\n* google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)\n\n* github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server (CVE-2026-32286)\n\n* github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)\n\n* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22450",
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "2448626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448626"
},
{
"category": "external",
"summary": "2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "RHEL-179244",
"url": "https://issues.redhat.com/browse/RHEL-179244"
},
{
"category": "external",
"summary": "RHEL-180005",
"url": "https://issues.redhat.com/browse/RHEL-180005"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22450.json"
}
],
"title": "Red Hat Security Advisory: osbuild-composer security update",
"tracking": {
"current_release_date": "2026-06-09T07:14:11+00:00",
"generator": {
"date": "2026-06-09T07:14:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:22450",
"initial_release_date": "2026-06-02T11:22:13+00:00",
"revision_history": [
{
"date": "2026-06-02T11:22:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T11:22:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T07:14:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el10_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el10_2.src",
"product": {
"name": "osbuild-composer-0:165.1-2.el10_2.src",
"product_id": "osbuild-composer-0:165.1-2.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el10_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el10_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-core-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el10_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src"
},
"product_reference": "osbuild-composer-0:165.1-2.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T11:22:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.src",
"AppStream-10.2.Z:osbuild-composer-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-core-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-debugsource-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-tests-debuginfo-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-0:165.1-2.el10_2.x86_64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.aarch64",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.s390x",
"AppStream-10.2.Z:osbuild-composer-worker-debuginfo-0:165.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:22465
Vulnerability from csaf_redhat - Published: 2026-06-02 13:10 - Updated: 2026-06-09 07:14Summary
Red Hat Security Advisory: Red Hat Quay 3.17.2
Severity
Important
Notes
Topic: Red Hat Quay 3.17.2 is now available with bug fixes.
Details: Quay 3.17.2
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
7.0 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
No description is available for this CVE.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Moderate
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
7.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 | — |
Workaround
|
Threats
Impact
Important
References
171 references
Acknowledgments
Antony Di Scala
Michael Whale
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.17.2 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.17.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22465",
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33747",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40192",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22465.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.17.2",
"tracking": {
"current_release_date": "2026-06-09T07:14:12+00:00",
"generator": {
"date": "2026-06-09T07:14:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:22465",
"initial_release_date": "2026-06-02T13:10:36+00:00",
"revision_history": [
{
"date": "2026-06-02T13:10:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T13:10:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T07:14:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.17",
"product": {
"name": "Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.17::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1778601504"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1778599991"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1778601553"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1778599998"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778600428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3Ae2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1778599977"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Ac38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1778600005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1779929597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Aeb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1778839890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1779922205"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ab3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1778599991"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1778599998"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778600428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1778599977"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a?arch=arm64\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1778600005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ace7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1778839890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3Aa24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1779922205"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ad59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1778599991"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Ab6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1778599998"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Af932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778600428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1778599977"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1778600005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1778839890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1779922205"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ae1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel9\u0026tag=1778599991"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel9\u0026tag=1778599998"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1778600428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel9\u0026tag=1778599977"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel9\u0026tag=1778600005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Ad05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel9\u0026tag=1778839890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel9\u0026tag=1779922205"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64 as a component of Red Hat Quay 3.17",
"product_id": "Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64",
"relates_to_product_reference": "Red Hat Quay 3.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32589",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-03-12T14:43:07.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "RHBZ#2446963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32590",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-03-12T14:43:11.443000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: remote code execution using pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "RHBZ#2446964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mirror-registry: remote code execution using pickle deserialization"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33747",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T02:01:29.921765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452076"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "RHBZ#2452076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33747"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
}
],
"release_date": "2026-03-27T00:49:06.165000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid using untrusted BuildKit frontends. Restrict the use of custom BuildKit frontends to only those from verified and trusted sources. Do not specify untrusted frontends via `#syntax` or `--build-arg BUILDKIT_SYNTAX`.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend"
},
{
"cve": "CVE-2026-33894",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:52.462999+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "RHBZ#2452464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"category": "external",
"summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"release_date": "2026-03-27T20:45:49.583000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-40192",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-04-16T00:00:49.590876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "RHBZ#2458856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
"url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9521",
"url": "https://github.com/python-pillow/Pillow/pull/9521"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
}
],
"release_date": "2026-04-15T22:53:56.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T13:10:36+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:3a55b3ec35c4a8e6359043566b86376871be774355cf8f09b442b268b5f2243a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:5821c6d9fc1efb01b375cd59017be0ab7adb1794e8ab92b03387e7930d73fd75_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:97f144ef4b31ee6cfb154555c6f15ef4184bebf9298b440eb604228435513c79_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/clair-rhel9@sha256:c38a3a6547c9da624e72c0a5092fba5668a66a9b2f440808b8b6f100fa1d1ae8_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:844173e5e8d469ff53b4741735f12c262f70122a83e1a3b44287633f87d922f9_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:07ac14b5985a6d1aab2ad58d0ed6fcd94a538de1c9bd171bc4a4162b2ade6a62_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:53294b9f3b327dcd9cd5e2188d0ee4b0861c00923421de85319f2dc442ce7508_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:8e927b2102b2d5cd45629790d16c5ada1cc327b6a64acb33d36e2c4f7fbd9912_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:b6ca818876d348e6204c808d141be0190946279851a00eb4211888e945c90f80_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7914cfbd30aa0ca0a25b72387ef420879f6eb890b607c88b75f6aa1c9528ed2a_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8838c17d3bb0b1490e23866c3ebc3a7c212d381aab4df0d519a8ea2d6099ae3b_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8dded1d8b749a07ff9400399ba8a005d59258eb896b9ff66014587e5b8dd63f6_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f932e889884451edf02937c8c7b858c15542d8f49bed07414c01e9bf4e879bd4_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:466b8c2341eb4d2f6c6dd02c7403e5d96fb011b192b9d3bd1d9519855dee1e5c_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:661fb709bf1bf1b391534159a8df1567245cc791f069035f3c6531ee536cebf8_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:805855fd0e19fcb41d0ee649196ac2eefd19a7af1394c643d1981db033517e27_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-builder-rhel9@sha256:e2e5b4773f22bf9205096f15b3a2275f748c0c3f00f1c480e4f336615a5cea91_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:4aea7185e69a0d0c235cb7d1ee55c9bf4336fe8c2a5a911a9e298d56673f847c_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:0db0854b0aebfbc40f819ee94fadea510ed5b8294a16af0eee88880129d52587_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:b3b93f33b172be548f93e48755e0a88e88de33cbe2d65858ee93c5c5fefa5c1f_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:d59de91f679cc4b70d2093d717dbdf3f8bef7322de1d43f7db2470cff1f022e0_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e1d6574191585e5cc4416c8c6efd5b4dad26b6dba4c54ca4008f8d314d59145d_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-bundle@sha256:706312389cb29f050fbb20ad327d0cdd2adc526fb32346abe1a6e98d64323bfd_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:18eda16fdd54b45a3fe484542d20fb1b1b4fd5b9e38c79d70dc11b4c0e1bab03_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:ce7a9853fdd031d67e796becced393855e1944ecd9e8acb2d589403834d0b7f1_arm64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:d05c09022220346d62bc4dc57984c7368994d317d5745139191d6aba70599883_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-operator-rhel9@sha256:eb037e300339377b57b964f05c5988b3d8f5a1a8fb63a3e167de6b68dc875e1f_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:65c631d107c264bef8a74336077b413609da4cfc37c8c9488afdcaa0df07dad5_s390x",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:8c7f4a453b3414c2d3457f2a8c65b67c70dd55e4bf7a31a9f3674865af5e1da1_amd64",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:9e4588550a0e266f7598eb4af1dd020629357ffd305a02d8e7765114c7210812_ppc64le",
"Red Hat Quay 3.17:registry.redhat.io/quay/quay-rhel9@sha256:a24c973edd52d4a418d415d54108cf44f495a969db1d0f6e5b6149e0a6021110_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:22714
Vulnerability from csaf_redhat - Published: 2026-06-03 08:19 - Updated: 2026-06-09 07:14Summary
Red Hat Security Advisory: osbuild-composer security update
Severity
Important
Notes
Topic: An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.
Security Fix(es):
* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
* crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137)
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message (CVE-2026-4427,GHSA-jqcq-xjh3-6g23)
* google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
* github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server (CVE-2026-32286)
* github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)
* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
No description is available for this CVE.
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
89 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137)\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message (CVE-2026-4427,GHSA-jqcq-xjh3-6g23)\n\n* google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)\n\n* github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server (CVE-2026-32286)\n\n* github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)\n\n* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22714",
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "2448626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448626"
},
{
"category": "external",
"summary": "2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "RHEL-179251",
"url": "https://issues.redhat.com/browse/RHEL-179251"
},
{
"category": "external",
"summary": "RHEL-180018",
"url": "https://issues.redhat.com/browse/RHEL-180018"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22714.json"
}
],
"title": "Red Hat Security Advisory: osbuild-composer security update",
"tracking": {
"current_release_date": "2026-06-09T07:14:14+00:00",
"generator": {
"date": "2026-06-09T07:14:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:22714",
"initial_release_date": "2026-06-03T08:19:01+00:00",
"revision_history": [
{
"date": "2026-06-03T08:19:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-03T08:19:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T07:14:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el9_8.src",
"product": {
"name": "osbuild-composer-0:165.1-2.el9_8.src",
"product_id": "osbuild-composer-0:165.1-2.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el9_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el9_8.aarch64",
"product": {
"name": "osbuild-composer-0:165.1-2.el9_8.aarch64",
"product_id": "osbuild-composer-0:165.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"product_id": "osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"product_id": "osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el9_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el9_8.ppc64le",
"product": {
"name": "osbuild-composer-0:165.1-2.el9_8.ppc64le",
"product_id": "osbuild-composer-0:165.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"product_id": "osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"product_id": "osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el9_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el9_8.s390x",
"product": {
"name": "osbuild-composer-0:165.1-2.el9_8.s390x",
"product_id": "osbuild-composer-0:165.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el9_8.s390x",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el9_8.s390x",
"product_id": "osbuild-composer-core-0:165.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"product_id": "osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el9_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:165.1-2.el9_8.x86_64",
"product": {
"name": "osbuild-composer-0:165.1-2.el9_8.x86_64",
"product_id": "osbuild-composer-0:165.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@165.1-2.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"product": {
"name": "osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"product_id": "osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@165.1-2.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"product": {
"name": "osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"product_id": "osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@165.1-2.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"product_id": "osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@165.1-2.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@165.1-2.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"product": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"product_id": "osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@165.1-2.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@165.1-2.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@165.1-2.el9_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64"
},
"product_reference": "osbuild-composer-0:165.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le"
},
"product_reference": "osbuild-composer-0:165.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x"
},
"product_reference": "osbuild-composer-0:165.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src"
},
"product_reference": "osbuild-composer-0:165.1-2.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:165.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64"
},
"product_reference": "osbuild-composer-0:165.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:165.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64"
},
"product_reference": "osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:165.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64"
},
"product_reference": "osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T08:19:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-core-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-debugsource-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-tests-debuginfo-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-0:165.1-2.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:osbuild-composer-worker-debuginfo-0:165.1-2.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:23345
Vulnerability from csaf_redhat - Published: 2026-06-04 14:16 - Updated: 2026-06-09 07:14Summary
Red Hat Security Advisory: Multicluster Global Hub 1.6.2 security update
Severity
Important
Notes
Topic: Multicluster Global Hub v1.6.2 general availability release images, which provide security fixes, bug fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details: Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
No description is available for this CVE.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the 'leafnode' configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Moderate
A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.>` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Moderate
A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon's privilege comparison logic, the system may incorrectly accept a plugin's requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.
8.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system's integrity and confidentiality.
8.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a '<' character not followed by a '>' character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.
8.2 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Important
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Threats
Impact
Moderate
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.
7.3 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x | — |
Workaround
|
Threats
Impact
Important
References
248 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.6.2 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:23345",
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32285",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33215",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33216",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33217",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33218",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33219",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33247",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33413",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33487",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33813",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33997",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34040",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40890",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41602",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41603",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41604",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41605",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41606",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41607",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41636",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43869",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21728",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27889",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29785",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23345.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.6.2 security update",
"tracking": {
"current_release_date": "2026-06-09T07:14:15+00:00",
"generator": {
"date": "2026-06-09T07:14:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:23345",
"initial_release_date": "2026-06-04T14:16:54+00:00",
"revision_history": [
{
"date": "2026-06-04T14:16:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-04T14:17:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T07:14:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.6.2",
"product": {
"name": "Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1780167118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1780320809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1780321673"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle\u0026tag=1780370487"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779839087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779839762"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1780167118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1780320809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Aa1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1780321673"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ad8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779839087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779839762"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1780167118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1780320809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1780321673"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Af9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779839087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Aff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779839762"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9\u0026tag=1780167118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Aba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9\u0026tag=1780320809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Af2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9\u0026tag=1780321673"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator\u0026tag=1779839087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9\u0026tag=1779839762"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-21728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T09:00:58.144273+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tempo. A remote attacker can exploit this vulnerability by sending large queries to the Tempo service. This can lead to excessive memory allocations, potentially causing a Denial of Service (DoS) by impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana/tempo: Tempo: Denial of Service via large queries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21728"
},
{
"category": "external",
"summary": "RHBZ#2461395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21728"
},
{
"category": "external",
"summary": "https://grafana.com/security/security-advisories/cve-2026-21728",
"url": "https://grafana.com/security/security-advisories/cve-2026-21728"
}
],
"release_date": "2026-04-24T08:00:47.074000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana/tempo: Tempo: Denial of Service via large queries"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27889",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:01:58.261703+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451447"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker can exploit this vulnerability before authentication by sending a specially crafted WebSockets frame. This missing sanity check can trigger a server panic, leading to a Denial of Service (DoS) for affected deployments that use WebSockets and expose the network port to untrusted endpoints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27889"
},
{
"category": "external",
"summary": "RHBZ#2451447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27889"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-03.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-03.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6"
}
],
"release_date": "2026-03-25T19:36:36.370000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame"
},
{
"cve": "CVE-2026-29785",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-03-25T20:01:35.121898+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451444"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the \u0027leafnode\u0027 configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29785"
},
{
"category": "external",
"summary": "RHBZ#2451444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29785",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29785"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-04.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-04.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8",
"url": "https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6"
}
],
"release_date": "2026-03-25T19:38:44.587000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32285",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:54.925687+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32285"
},
{
"category": "external",
"summary": "RHBZ#2451846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
},
{
"category": "external",
"summary": "https://github.com/buger/jsonparser/issues/275",
"url": "https://github.com/buger/jsonparser/issues/275"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4514",
"url": "https://github.com/golang/vulndb/issues/4514"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4514",
"url": "https://pkg.go.dev/vuln/GO-2026-4514"
}
],
"release_date": "2026-03-26T19:40:51.837000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33215",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2026-03-24T22:01:19.032191+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33215"
},
{
"category": "external",
"summary": "RHBZ#2451021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33215"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-06.tx",
"url": "https://advisories.nats.io/CVE/secnote-2026-06.tx"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879"
}
],
"release_date": "2026-03-24T20:55:53.455000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance"
},
{
"cve": "CVE-2026-33216",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"discovery_date": "2026-03-25T20:02:03.000174+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451448"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance server for the NATS.io messaging system. For MQTT deployments utilizing usercodes and passwords, the MQTT passwords were mistakenly categorized as non-authenticating identity statements (JSON Web Tokens - JWT). This misclassification leads to the exposure of these passwords through monitoring endpoints, enabling an attacker with access to these endpoints to gain sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33216"
},
{
"category": "external",
"summary": "RHBZ#2451448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451448"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33216"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-05.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-05.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099",
"url": "https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc"
}
],
"release_date": "2026-03-25T19:41:55.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints"
},
{
"cve": "CVE-2026-33217",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-03-25T20:01:47.815937+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451446"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. When Access Control Lists (ACLs) were configured for message subjects, these controls were not correctly applied within the `$MQTT.\u003e` namespace. This oversight allows MQTT clients to bypass the intended ACL checks, potentially granting unauthorized access to sensitive message subjects. This vulnerability could lead to information disclosure or unauthorized message manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33217"
},
{
"category": "external",
"summary": "RHBZ#2451446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33217"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-07.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-07.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5"
}
],
"release_date": "2026-03-25T19:43:40.969000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace"
},
{
"cve": "CVE-2026-33218",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-25T20:02:13.680355+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server, a high-performance messaging system. A remote attacker, by connecting to the leafnode port and sending a specially crafted malformed message before authentication, can cause the nats-server to crash. This vulnerability leads to a Denial of Service (DoS), making the server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33218"
},
{
"category": "external",
"summary": "RHBZ#2451450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33218"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-10.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-10.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339"
}
],
"release_date": "2026-03-25T19:53:12.075000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port"
},
{
"cve": "CVE-2026-33219",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-25T20:01:41.235854+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451445"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33219"
},
{
"category": "external",
"summary": "RHBZ#2451445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451445"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33219"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-02.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-02.txt"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-11.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-11.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/advisories/GHSA-qrvq-68c2-7grw"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j"
}
],
"release_date": "2026-03-25T19:55:28.363000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets"
},
{
"cve": "CVE-2026-33247",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2026-03-25T21:02:07.985713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments (argv) and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring port exposes an unredacted copy of the command-line arguments, leading to information disclosure of sensitive authentication details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33247"
},
{
"category": "external",
"summary": "RHBZ#2451486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33247"
},
{
"category": "external",
"summary": "https://advisories.nats.io/CVE/secnote-2026-14.txt",
"url": "https://advisories.nats.io/CVE/secnote-2026-14.txt"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv"
}
],
"release_date": "2026-03-25T20:02:18.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments"
},
{
"cve": "CVE-2026-33413",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2026-03-26T14:03:01.896580+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451728"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: etcd: Authorization bypass allows information disclosure and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in etcd allows unauthorized users to bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients and etcd\u0027s built-in authentication is enabled. This can lead to information disclosure and denial of service. Typical Red Hat OpenShift Container Platform and Kubernetes deployments are not affected, as the Kubernetes API server handles authentication and authorization independently of etcd\u0027s internal mechanisms.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33413"
},
{
"category": "external",
"summary": "RHBZ#2451728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451728"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33413"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33413"
},
{
"category": "external",
"summary": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-q8m4-xhhv-38mg"
}
],
"release_date": "2026-03-26T13:36:10.919000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Restrict network access to etcd server ports to ensure only trusted components can establish connections. Implement strong client identity at the transport layer, such as mTLS, with tightly scoped client certificate distribution. This will limit unauthorized access to etcd functions.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "etcd: etcd: Authorization bypass allows information disclosure and denial of service"
},
{
"cve": "CVE-2026-33487",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-26T18:02:32.278778+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in goxmlsig, a Go library for XML Digital Signatures. This vulnerability arises from a programming error, specifically a loop variable capture issue, within the `validateSignature` function. When processing XML Digital Signatures, this error can cause the system to incorrectly validate the signature, potentially allowing an attacker to bypass integrity checks. This issue affects Go versions before 1.22 or projects using older `go.mod` configurations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33487"
},
{
"category": "external",
"summary": "RHBZ#2451814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487"
},
{
"category": "external",
"summary": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc",
"url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc"
}
],
"release_date": "2026-03-26T17:17:51.101000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
},
{
"cve": "CVE-2026-33813",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-21T20:01:02.224363+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "RHBZ#2460221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://go.dev/cl/759860",
"url": "https://go.dev/cl/759860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78407",
"url": "https://go.dev/issue/78407"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4961",
"url": "https://pkg.go.dev/vuln/GO-2026-4961"
}
],
"release_date": "2026-04-21T19:21:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing"
},
{
"cve": "CVE-2026-33997",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-03-31T03:01:29.529297+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453277"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during `docker plugin install`. Due to an error in the daemon\u0027s privilege comparison logic, the system may incorrectly accept a plugin\u0027s requested privileges that differ from those approved by the user. This could lead to unauthorized privilege escalation for installed plugins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An important flaw in Moby, an open-source container framework, allows for a privilege validation bypass during `docker plugin install`. This issue stems from an error in the daemon\u0027s privilege comparison logic, which could lead to unauthorized privilege escalation for installed plugins. Red Hat products that leverage Moby and allow Docker plugin installation are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "RHBZ#2453277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33997",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33997"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33997"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9",
"url": "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9"
}
],
"release_date": "2026-03-31T01:36:51.404000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation"
},
{
"cve": "CVE-2026-34040",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2026-03-31T03:01:34.530713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Moby, an open-source container framework. This security vulnerability allows attackers to bypass authorization plugins (AuthZ), which are mechanisms designed to control access and permissions within the container environment. The bypass of these plugins can lead to unauthorized operations and potential compromise of the system\u0027s integrity and confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moby: Moby: Authorization bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "RHBZ#2453278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/releases/tag/docker-v29.3.1",
"url": "https://github.com/moby/moby/releases/tag/docker-v29.3.1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2",
"url": "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2"
}
],
"release_date": "2026-03-31T01:36:48.205000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moby: Moby: Authorization bypass vulnerability"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-40890",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-04-21T20:02:56.729456+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460245"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a \u0027\u003c\u0027 character not followed by a \u0027\u003e\u0027 character, when processed by the SmartypantsRenderer, can lead to an out-of-bounds read or a panic. This can result in a denial of service (DoS) for the application, making it unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw affecting Red Hat products that utilize the `github.com/gomarkdown/markdown` library. The vulnerability occurs when the `SmartypantsRenderer` processes specially crafted malformed Markdown input containing an unclosed \u0027\u003c\u0027 character, leading to an out-of-bounds read or application panic. A successful exploitation may lead the application using the library unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40890"
},
{
"category": "external",
"summary": "RHBZ#2460245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40890"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778",
"url": "https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778"
},
{
"category": "external",
"summary": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7",
"url": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7"
}
],
"release_date": "2026-04-21T19:51:53.237000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/gomarkdown/markdown: github.com/gomarkdown/markdown: Denial of Service via malformed Markdown input"
},
{
"cve": "CVE-2026-41602",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:16.099816+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41602"
},
{
"category": "external",
"summary": "RHBZ#2463407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/6",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/6"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:06.646000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation"
},
{
"cve": "CVE-2026-41603",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-04-28T10:01:29.782287+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463411"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or altering sensitive communications and leading to unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"category": "external",
"summary": "RHBZ#2463411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463411"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/7",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/7"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:19:40.564000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation"
},
{
"cve": "CVE-2026-41604",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:47.903741+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41604"
},
{
"category": "external",
"summary": "RHBZ#2463416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41604",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41604"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41604"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/5",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/5"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:13.996000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41605",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-28T10:01:54.269412+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463418"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled within the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41605"
},
{
"category": "external",
"summary": "RHBZ#2463418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41605"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41605"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/4",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/4"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:20:44.319000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Integer Overflow or Wraparound Vulnerability"
},
{
"cve": "CVE-2026-41606",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-04-28T10:01:19.136351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463408"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system unavailability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41606"
},
{
"category": "external",
"summary": "RHBZ#2463408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41606"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/3",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/3"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:12.815000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion"
},
{
"cve": "CVE-2026-41607",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-28T10:01:33.022623+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463412"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41607"
},
{
"category": "external",
"summary": "RHBZ#2463412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41607"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41607"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/2",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/2"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:21:48.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability"
},
{
"cve": "CVE-2026-41636",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-04-28T10:01:03.992199+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463404"
}
],
"notes": [
{
"category": "description",
"text": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41636"
},
{
"category": "external",
"summary": "RHBZ#2463404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/1",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:22:14.639000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion"
},
{
"cve": "CVE-2026-43869",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-05T08:00:56.417384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466660"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "RHBZ#2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r",
"url": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r"
}
],
"release_date": "2026-05-05T07:25:48.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:16:54+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:51353652e207a04ede5c7f0f11ddc82150f2ca79a110a5e85d8c6e13ccdfa8f5_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:564d1f145c46663a04b05f5210388c27e888714911bcafb19bfb8a88821becc6_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7e1aeac1da9e9c9ac413b8f9380a911e89c4c81fe5dd38656bb301ddb0918ccf_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:ba4697a2a94a5bb6e4b5e5edeebe04f24125f910ae158d070cecf73374d959f0_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:05f069047e37620fa1ea72f0c0cbea205f27a4a4594c674b59d6dfa2a18f9f26_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:11e5a558fb1a9ecae142c55512fd4ab028b9162be4ae491f491ee030c6206194_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:76d186f4c2ffdf0d62399ff9f3c78bee536e9193647d571fcb2123743f163c50_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:9a70b0f09751c7b595b2372275a7be806768632722b921ad828f2d30db9fedde_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2b11ee4ff5d5a5dce7cd2c03b1cf088e27cf23816b1f5e9dfc11a136052a9542_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:56e32b74a97b5211573194b1358613d07fd967944c0bde22eb1f9b61ef1ff1b8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a1dc9d34a9b9dd90eedec8b4bf5d246066ff8c964142376d190e72eca5eb6d03_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:f2784cac203f5ecb3d9de7f1312af0aa5ada9b673ab1c3188d839e1e13a3146b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:51bf429464a9e7f1b928bb60acb5cabc4491741884ac8e85fdee56092a2b03e8_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:07a4a707ac56ea0fb5b805e58e535cbd7503c71027ccb5a9a412e63ced8db831_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c2e24a5caf18deaf56a4f9e7bae8e013de18b64e3bad8560b959d595e11272e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:556fff489ab3d6794c3cef4c10d09ceda194b02a9bf8a7bf1542e40802adeec6_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:ff7d02b17b98ef8f65368c6b93e76e4ceb683411af5c3037484acb0508f31ea1_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:262ad6cee9e2176214103ecd866dd502d2d68b24b9f9be08e934f8fa3a285176_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:3e619a5807582f6b5d7f50909667b9e0e3391f0166a3c322988d3b534f8cf103_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d8b6bfdd948e9b0b423a240d2538eefa3bfd742635c27ee0db23c7af96657c4a_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:f9aab6b75117767d41e24dee791df45d42758c70c5d5ef6b435564e73b3c1d6f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation"
}
]
}
RHSA-2026:23361
Vulnerability from csaf_redhat - Published: 2026-06-04 14:36 - Updated: 2026-06-09 07:14Summary
Red Hat Security Advisory: Red Hat Quay 3.9.22
Severity
Important
Notes
Topic: Red Hat Quay 3.9.22 is now available with bug fixes.
Details: Quay 3.9.22
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
7.0 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Threats
Impact
Important
No description is available for this CVE.
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Threats
Impact
Important
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
7.4 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Threats
Impact
Important
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
7.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
7.3 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
7.4 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
7.4 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
8.2 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
7.2 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
7.4 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 | — |
Workaround
|
Threats
Impact
Important
References
158 references
Acknowledgments
Antony Di Scala
Michael Whale
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.22 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.22",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:23361",
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2377",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40192",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4598",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23361.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.22",
"tracking": {
"current_release_date": "2026-06-09T07:14:19+00:00",
"generator": {
"date": "2026-06-09T07:14:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:23361",
"initial_release_date": "2026-06-04T14:36:50+00:00",
"revision_history": [
{
"date": "2026-06-04T14:36:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-04T14:36:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T07:14:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1779233745"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1779233264"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1779233747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1779233279"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1779233697"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Add303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1779233301"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Aff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1779233282"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1779815781"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ae89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1779233286"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779811473"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ab20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1779233264"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1779233279"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1779233301"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1779233282"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1779233286"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779811473"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1779233264"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1779233279"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1779233301"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1779233282"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ae7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1779233286"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Acc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779811473"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-2377",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-02-11T21:02:44.495000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439201"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application\u0027s backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to the intended and supported use case of Openshift Mirror Registry, deployment in an offline or network-isolated environment, the impact for this product has been downgraded to `Moderate`.\n\nEven in case of compromise, the blast radius is restricted to mirror-registry. It can not be escalated outside the core product. This vulnerability has been scored based on the lack of change of scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "RHBZ#2439201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2377"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377"
}
],
"release_date": "2026-04-08T16:18:10.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality"
},
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-4598",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-03-23T06:01:47.891452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A denial of service flaw was found in jsrsasign. This vulnerability allows a remote attacker to cause a permanent denial of service by providing specially crafted zero or negative inputs to the bnModInverse function, leading to an infinite loop. This affects Red Hat Migration Toolkit for Virtualization and Red Hat Quay, which utilize the vulnerable jsrsasign component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "RHBZ#2450210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264",
"url": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323",
"url": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/648",
"url": "https://github.com/kjur/jsrsasign/pull/648"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938"
}
],
"release_date": "2026-03-23T05:00:11.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32589",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-03-12T14:43:07.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "RHBZ#2446963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32590",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-03-12T14:43:11.443000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: remote code execution using pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "RHBZ#2446964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mirror-registry: remote code execution using pickle deserialization"
},
{
"cve": "CVE-2026-33894",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:52.462999+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "RHBZ#2452464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"category": "external",
"summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"release_date": "2026-03-27T20:45:49.583000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-40192",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-04-16T00:00:49.590876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "RHBZ#2458856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
"url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9521",
"url": "https://github.com/python-pillow/Pillow/pull/9521"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
}
],
"release_date": "2026-04-15T22:53:56.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T14:36:50+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0b0ecd3a428dece445d557be19d0996b6ac9d6bb6da31afdb7421bc9939611b2_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:1b7667a1d8270eb378a553a47e2002ea8a1d6273a85774ecd43a7942ea2a9390_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ff1876083ba67b1ba5b29f8e186a4f8409083c7939607ebb65866e7a1cb39bbe_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:086d403e42c9ef583f6a3cd8a5a1169967085ebf764376e53f1a4f013cf14b6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54f11bcca5d5ae3f68670136447d2072ac8c0d7bf2711f0f73df7fd50e70f537_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:56b5da889ae2dd8fa359ac965a47d5e54942748de4c1506d18081fe8e5639424_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:5e980b6d4a08d3aa8851c3402eccfecd9cd71c73bce187a7c8e131d0ff3d480b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:499887bb396966300a42f61f1f70450d9e726d78737e6b8346e8fc64336d5e9f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:39b151d9d7f16612535c6f49e2618f7adeaac6ba9988b76e2cbc4361ee7cd80c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:3a2c4cdcfb18d07736c6a7e890fc07c664cd2c343d7eaa566552149b860a471e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dd303901b2b6ad736407e0fabcf6a70cac9fe9fe1976a89e2e53570fcbacf17d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:8c7d45b2b41967720762c47cace1a1467c770e310e840c66de140da510e6f7bc_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9ad3688f341e892ef223c2029edc9502ee4d6b2687871370a442f6951f7bb4f0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:9f5305c63f44d84776243024a9c73e7939d5e5280bbebd17bec78610fc09b078_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b20353ac757b01c006989ac9c109341e95278b5c22b6432fdfe9588583b9c9f5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:8dd0d4412f7db90bd986f2f2c25016494a0027a2a9ea0d72657843429e448793_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:5dbc5ef200e2c26c8fe6e8b82d0223f06987972f19bf94e333f30faded46657b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e7330d260bb74ead476d4ff45607bc78d87a518d311f6a874bb9e5f38be3b40e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:e89ae6e88f763af3ebf269c2cf41ef4cdf248e532cc4266f608b943cefbd8b2d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:213950327c209a8132eabba4de3dc940cd15f5a5d5ae7efd2b75c3c08c06a682_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cc7110e65ef4d9ec5d3f19741e973318bd8699059886e4514015a228365256bb_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:e43d2243b0ec9c5875b3bfe44cc2507c0b5e0226afa94662b98cbadcc0d220b6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…